package com.dean.practice.gateway.config.uaa;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;

/**
 * @author Dean
 * @date 2021-05-07
 */
@Configuration
@EnableWebFluxSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class ResourceSecurityConfig {

    public static String[] defaultPermitPath = {"/actuator/**",
            "/swagger-ui.html",
            "*.css",
            "*.js",
            "/webjars/**",
            "/**/**/api-docs",
            "/swagger-resources/**",
            "/consumer/**",
            "/producer/**",
            "/login/**", "/logout/**", "/error/**", "/oauth/token/**", "/**/.well-known/**"};

    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        http.authorizeExchange()
                .pathMatchers(defaultPermitPath).permitAll()
                .anyExchange().authenticated();
        // 异常处理
        http.exceptionHandling()
                .accessDeniedHandler(new DnDefaultAccessDeniedHandler())
                .authenticationEntryPoint(new DnDefaultAuthenticationEntryPoint());
        http.oauth2ResourceServer()
                .jwt();
        http.csrf().disable();
        return http.build();
    }


}